CVE-2026-26342 - Vulnerability Details

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00305.

Exploitation poc

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Tattile s.r.l.

Smart+

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Tolling+

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Smart+ Speed

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Smart+ Traffic Light

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Axle Counter

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Vega53

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Vega33

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Vega11

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

Basic MK2

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Tattile s.r.l.

ANPR Mobile

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.181.5

Configuration 1 [-]

AND

cpe:2.3:o:tattile:smart\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:smart\+:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tattile:tolling\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:tolling\+:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tattile:smart\+_speed_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:smart\+_speed:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tattile:smart\+_traffic_light_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:smart\+_traffic_light:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tattile:axle_counter_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:axle_counter:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tattile:vega53_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:vega53:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tattile:vega33_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:vega33:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:tattile:vega11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:vega11:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:tattile:basic_mk2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:basic_mk2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:tattile:anpr_mobile_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tattile:anpr_mobile:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Tattile Subscribe	Anpr Mobile Subscribe Axle Counter Subscribe Basic Mk2 Subscribe Smart+ Subscribe Smart+ Speed Subscribe Smart+ Traffic Light Subscribe Tolling+ Subscribe Vega11 Subscribe Vega33 Subscribe Vega53 Subscribe

Project Subscriptions

Vendors	Products
Tattile Subscribe	Anpr Mobile Subscribe Anpr Mobile Firmware Subscribe Axle Counter Subscribe Axle Counter Firmware Subscribe Basic Mk2 Subscribe Basic Mk2 Firmware Subscribe Smart+ Subscribe Smart+ Speed Subscribe Smart+ Traffic Light Subscribe Smart\+ Subscribe Smart\+ Firmware Subscribe Smart\+ Speed Subscribe Smart\+ Speed Firmware Subscribe Smart\+ Traffic Light Subscribe Smart\+ Traffic Light Firmware Subscribe Tolling+ Subscribe Tolling\+ Subscribe Tolling\+ Firmware Subscribe Vega11 Subscribe Vega11 Firmware Subscribe Vega33 Subscribe Vega33 Firmware Subscribe Vega53 Subscribe Vega53 Firmware Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.tattile.com/
https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php

History

Fri, 27 Feb 2026 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tattile anpr Mobile Firmware Tattile axle Counter Firmware Tattile basic Mk2 Firmware Tattile smart\+ Tattile smart\+ Firmware Tattile smart\+ Speed Tattile smart\+ Speed Firmware Tattile smart\+ Traffic Light Tattile smart\+ Traffic Light Firmware Tattile tolling\+ Tattile tolling\+ Firmware Tattile vega11 Firmware Tattile vega33 Firmware Tattile vega53 Firmware
CPEs		cpe:2.3:h:tattile:anpr_mobile:-:::::::* cpe:2.3:h:tattile:axle_counter:-:::::::* cpe:2.3:h:tattile:basic_mk2:-:::::::* cpe:2.3:h:tattile:smart\+:-:::::::* cpe:2.3:h:tattile:smart\+_speed:-:::::::* cpe:2.3:h:tattile:smart\+_traffic_light:-:::::::* cpe:2.3:h:tattile:tolling\+:-:::::::* cpe:2.3:h:tattile:vega11:-:::::::* cpe:2.3:h:tattile:vega33:-:::::::* cpe:2.3:h:tattile:vega53:-:::::::* cpe:2.3:o:tattile:anpr_mobile_firmware:::::::: cpe:2.3:o:tattile:axle_counter_firmware:::::::: cpe:2.3:o:tattile:basic_mk2_firmware:::::::: cpe:2.3:o:tattile:smart\+_firmware:::::::: cpe:2.3:o:tattile:smart\+_speed_firmware:::::::: cpe:2.3:o:tattile:smart\+_traffic_light_firmware:::::::: cpe:2.3:o:tattile:tolling\+_firmware:::::::: cpe:2.3:o:tattile:vega11_firmware:::::::: cpe:2.3:o:tattile:vega33_firmware:::::::: cpe:2.3:o:tattile:vega53_firmware::::::::
Vendors & Products		Tattile anpr Mobile Firmware Tattile axle Counter Firmware Tattile basic Mk2 Firmware Tattile smart\+ Tattile smart\+ Firmware Tattile smart\+ Speed Tattile smart\+ Speed Firmware Tattile smart\+ Traffic Light Tattile smart\+ Traffic Light Firmware Tattile tolling\+ Tattile tolling\+ Firmware Tattile vega11 Firmware Tattile vega33 Firmware Tattile vega53 Firmware
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 26 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Feb 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tattile Tattile anpr Mobile Tattile axle Counter Tattile basic Mk2 Tattile smart+ Tattile smart+ Speed Tattile smart+ Traffic Light Tattile tolling+ Tattile vega11 Tattile vega33 Tattile vega53
Vendors & Products		Tattile Tattile anpr Mobile Tattile axle Counter Tattile basic Mk2 Tattile smart+ Tattile smart+ Speed Tattile smart+ Traffic Light Tattile tolling+ Tattile vega11 Tattile vega33 Tattile vega53

Tue, 24 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Title		Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Weaknesses		CWE-613
References		https://www.tattile.com/ https://www.vulncheck.com/advisories/tattile-smart-vega-basic-insufficient-session-token-expiration https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-02-24T18:41:09.935Z

Updated: 2026-02-26T19:58:40.958Z

Reserved: 2026-02-13T17:28:43.054Z

Link: CVE-2026-26342

Vulnrichment

Updated: 2026-02-26T19:57:38.964Z

NVD

Status : Analyzed

Published: 2026-02-24T20:27:48.310

Modified: 2026-02-27T03:10:51.703

Link: CVE-2026-26342

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-02-25T11:35:46Z

Weaknesses

CWE-613

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object